Modern organizations generate, store, and communicate large quantities of data. In many instances, organizations include individuals having different rights to data, or different rights to communicate with other individuals or access particular computing resources. It is frequently important that such organizations be able to quickly and securely access the data stored at a data storage system. In addition, it is frequently important that data stored at a data storage system, or communicated between computing systems, be recoverable if the data is communicated or written incorrectly or is otherwise intercepted or corrupted.
To address the above issues, Unisys Corporation of Blue Bell, Pa. developed a Stealth solution that uses a kernel-level driver to implement end-to-end cryptographic connections for communication of data across public and private networks. This solution allows users to communicate with other users having common user rights, while segregating user groups by way of assignment of different cryptographic keys used for each user group, or “community of interest” (COI). Stealth is an enterprise security system that (1) authenticates endpoints as part of one or more communities of interest, and (2) assigns one or more filters to one or more endpoints to provide communication permissions that also enforce a COI. In one example, a COI can be enforced with a set of encryption keys. Each COI corresponds to a role, and a set of COIs can be a use profile. The filters can also be, for example, a whitelist or block list used to allow specific communications.
Of course, there may be at least some network devices (e.g., printers, scanners, supervisory control and data acquisition (SCADA) devices, monitors, network-attached machines, webcams, and the like) that are not part of a COI, and which are not equipped with Stealth technology. Unlike participants of a COI, such non-Stealth devices have IP addresses that are visible to other network nodes. It would be desirable, therefore, to provide a method and system that would enable such devices to benefit from Stealth security, even if they do not possess Stealth technology themselves.